DSBP - Data Safety and Best Practices (Overview)

Data Safety and Best Practices Overview

Introduction

The big idea of this module is that it is important to remain proactive and vigilant as malicious actors are always looking for weak spots. It is critical to identify and mitigate vulnerabilities, perform threat modeling, and harden network access by improving security, thus reducing the risk of cyber attacks. While cybersecurity professionals are hard at work protecting large information technology enterprises, such as companies, organizations, and governments, individual users should be careful as well. There are billions of Internet of Things (IoT) smart devices that can wreak havoc when left unprotected and vulnerable due to lax security, such as default usernames and passwords.

How can you contribute to increasing the safety and security of your school, work, and home networks? Why is it important?

Let me tell you a story… Presenting The Breach of SmartHome Inc.!

The Breach of SmartHome Video

Learning Questions

  1. What are some commonly seen types of vulnerabilities?
  2. How can we use defensive tools to harden and restrict access?
  3. How does the Least Privilege Principle play an important part in cybersecurity?
  4. How can we mitigate the risk of third-party applications?
  5. What is the process of Threat Modeling?
  6. How do we protect IoT devices?

Key Terms

Attack Vectors: Methods or pathways through which a hacker can gain unauthorized access to a computer or network system.

Backup: The process of creating copies of data to enable recovery in case of data loss.

Benchmarks: Standards or set of measurements used as a point of reference for evaluating performance or quality.

Critical Update: A vital software update designed to fix vulnerabilities that could be exploited by cyber attacks.

Devices: Physical hardware units used in computing, like computers, smartphones, or IoT gadgets.

Embed: To integrate a piece of software or code into another software environment or website.

Firewall: A network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

Hotfix: A quick and immediate fix or patch released to correct specific issues in software.

Internet of Things (IoT): The network of physical devices that are connected to the internet, allowing them to collect and exchange data.

Least Privilege: A security principle that limits user access rights to only what is strictly required for their job.

Mitigate: To reduce the severity, seriousness, or painfulness of something, often used in the context of reducing risks.

Patch/Update: Software additions that improve existing programs, often by fixing vulnerabilities or enhancing functionalities.

Policy: A set of ideas or plans used as a basis for making decisions, especially in governance or business contexts.

Principle: A fundamental truth or proposition that serves as the foundation for a system of belief or behavior.

Procedure: A series of actions conducted in a certain order or manner to achieve a result, especially in a business or technical context.

Ransomware Protection: Security measures implemented to prevent or limit the impact of ransomware attacks, which involve malware that encrypts a user's data and demands payment for its release.

Redundancy: The duplication of critical components or functions of a system to increase reliability and availability.

Scan: The act of examining a system or network to detect security vulnerabilities or malicious activities.

Security Update: A software update specifically designed to improve system security by addressing vulnerabilities.

Services: Functions provided by a computer or network, such as web hosting or cloud computing, that facilitate various tasks.

Shodan: A search engine that lets users find specific types of internet-connected devices and systems.

Smart Device: An electronic device, generally connected to other devices or networks, capable of operating to some extent interactively and autonomously.

System Image: A complete copy of all the data stored on a computer's hard drive, including the operating system, software, and files.

Threat Modeling: The process of identifying, assessing, and prioritizing potential threats to a system.

User Access Control: Mechanisms in a computer system that manage and restrict the capabilities of users based on their identity and authentication.

Vulnerability Assessment: The process of identifying, quantifying, and prioritizing vulnerabilities in a system.

[CC BY-NC-SA 4.0 Links to an external site.] UNLESS OTHERWISE NOTED | IMAGES: LICENSED AND USED ACCORDING TO TERMS OF SUBSCRIPTION - INTENDED ONLY FOR USE WITHIN LESSON.